Open source: Are Microsoft and other holdouts about to crack?

It was only a matter of time. Commercial software providers, including Microsoft, that have so far been steadfast in their resolve to preserve at least some of their old business models, are finding that the open standards card that they've so cunningly played as a part of those models could now have turned out to be a deal with the devil.

It was only a matter of time. Commercial software providers, including Microsoft, that have so far been steadfast in their resolve to preserve at least some of their old business models, are finding that the open standards card that they've so cunningly played as a part of those models could now have turned out to be a deal with the devil. The open source devil.

Compliance with open standards has long been viewed as a critical part of any commercial software business model and, to varying degrees that suit their business goals, commercial software providers have not only complied with those standards, but also participated in and even initiated their development. But standards have always been a double-edged sword for commercial software providers. On one edge, compliance with them increases a product's ability to interoperate with other vendors' products and therefore, that product's market viability.

On the other edge, such interoperation often opens the door to substitution. To manage the risks that go with the rewards of standards compliance, software vendors have used a variety of tactics to keep customers from jumping ship. Finding the sweet spot between the two edges -- one that produces a winning business formula -- has always been tricky. The more vendors complied with standards and risked the loss of customers, the more praise they drew for their stewardship of standards. The more they attempted to addict users to proprietary extensions to the standards they were complying with (in order to prevent defection), the more they were criticized. With a few exceptions (eg: Microsoft for one), the richer the mixture of proprietary ingredients in a vendor's proprietary/standards blend, the more a vendor and its products risked market rejection.

Now, however, those vendors' daring play of both sides of the coin may be coming back to haunt them as the software community appears to be on the verge of reconciling the incompatibilities between open source licensing and open standards licensing. Today, as evidenced by the most popular Web server's (Apache) inability to embrace one of the most important new security standards (WS-Security), the licensors of the technology behind certain, supposedly open standards are realizing that those standards could face market rejection (which in turn could lead to product rejection) unless the license incompatibilities between the market's favorite software and the most important standards are resolved. Thanks to the fact that some of "the market's favorite software" is open source software, as is the case with Apache, no where else but here, in this conflict between the open source and open standards world, is the pain of open source being felt more by the "old school" commercial software vendors.

Because of how important market acceptance of certain standards are to the success of their products, the market-driven need to reconcile the licensing differences has turned out to be open source's foot in the door at those vendors. And it isn't just a toe in the door. The foot is fully through the doorway and the knee is now what's between the door and the jam. As evidenced by the way Microsoft CEO Steve Ballmer has adjusted his open source rhetoric from calling open source a "cancer" to saying "We compete with products. We don't compete with movements." (see Microsoft learns to live with open source) and from the way the company has embraced open source (everything from permitting open source licenses on third party .NET software to open sourcing some of its own code), commercial software companies are clearly being motivated by the market to adopt an increasingly open source friendly position. Now, the question is whether or not the market-driven need to reconcile the open source/open standards incompatibilities will push them right over the edge.

Though he doesn't credit the "reconciliation effect," Open Source Development Labs CEO Stuart Cohen was reported in InfoWorld as saying yesterday that "as open source software grows, Microsoft will make its applications available in open source form." That would have to be about the most bitter pill that Microsoft could swallow. But, given the rub between the open standards and open source worlds, Microsoft and other software companies like it may have no choice. In his treatise about open source's head-butting with open standards, OASIS' legal counsel Andy Updegrove explains why that may be:

...one can expect that IBM, which has placed huge strategic bets on open source, will work things out speedily and amicably with Apache. But what of Microsoft, which, at least superficially, has little reason to do anything to encourage the spread of open source software?

Well, we can still hope for progress there. Why? Here are a few reasons.

First, the world already overwhelmingly relies on Apache servers, and Microsoft isn't likely to spend its resources trying to reverse that reality. Second, Microsoft has had enough bad press over the years regarding security issues, so it will be better off if WS-Security is broadly implemented. Third, there are doubtless numerous benefits that Microsoft must expect from WS-Security becoming ubiquitous (with or without the licensing term in question) that should offset the concession of dropping the offending term. Also, Microsoft doesn't need any more headaches in open-source bullish Europe, which continues to press Microsoft on antitrust grounds whenever it can. And finally, Microsoft is spending more and more time setting up joint strategies with historically strange bedfellows such as IBM and Sun – both of which are firmly on the open source bandwagon.

But before saying that in his post, Updegrove does a great job of articulating the rub between the open source and open standards models and predicts why the two will eventually be reconciled. A reconciliation that will be brought about by market forces (not the will of the vendors) and that could lead to the changes he anticipates at Microsoft:

...there are two consensus systems in use today that end users like you and me wish need to work together productively and efficiently, but which haven't yet fully worked out how to do so..... Among open source advocates, licensing terms are a matter of principle, while in the open standards community, licensing terms are matters of pure dollars and cents. If market forces lead towards royalty free GNU licensing, then those terms will become staples in open software standards. Personally, I believe that it’s only a matter of time before this happens, at least in some software areas (and eventually, perhaps, in most). Another way of saying it is that when open source software becomes more important than proprietary software, then a tipping point will be passed at which the vendors themselves will be the ones that demand GNU terms even before they are asked to offer them. Many major vendors are already at, or approaching that point.

Although he's not speaking on behalf of OASIS, the one point that Updegrove doesn't make clear is how these shifts will force patent shelters like OASIS -- where supposedly open standards like WS-Security get hammered out -- to once again re-adjust their intellectual property (IP) models. To the extent that OASIS, by its CEO Patrick Gannon's own admission, is subject to the will of its members (the vendors), market leverage over vendors is the only force that can bring about such change. This is different from the World Wide Web Consortium where the organization's governance is independent and has significantly more freedom to do what it thinks the right thing to do is (for example when, in 2003, it ratified its royalty free patent policy). I'm not saying that OASIS can't be a worthwhile IP regime. But, under OASIS' current policies, you should treat anything coming out of it with the word "standard" on it with a grain of salt. Some want the term "OASIS standard" to be term of comfort. To me it sets off all sorts of red flags.

The OASIS digression is an important one. While we wait in limbo for the aforementioned tipping point to come, the terms "open" and "standard" are still getting thrown around pretty loosely -- sometimes on purpose when doing so serves the selfish needs of certain parties. As long as such confusion is promulgated, the tipping point is hastened because fewer voices are outraged than should be. In one of his blog posts, IBM's vice president of Standards and Open Source Bob Sutor touches upon the idea of setting up an openness index (his graphic of the concept is above) on which various specifications can be placed so that technology licensees (practically everybody) can easily identify how open something claiming to be a standard really is -- at least relative to other specifications ("standard" or not). Helping the masses to visualize the differences in licensing terminology could go a long way towards raising the noise level to the point that the tipping point comes sooner rather than later. For example, if most people knew that the various specifications that get called "OASIS standard" could fall almost anywhere in such a closed-to-open spectrum, the term would cease to carry any significance. OASIS and technologists would be much better served by several imprimaturs instead of just one. For example:

OASIS RF (color: YELLOW = royalty-free is way better than RAND, but proceed with caution because RF doesn't guarantee that there aren't other intolerable encumbrances).

OASIS OPEN (color: GREEN = fully unencumbered. Not only does it have the benefits of OASIS RF, it requires no explicit execution of a license with the licensor. This is transferable and is either open source or Creative Commons-based).

OASIS GOLD (color: GOLD = all the benefits of OASIS OPEN, but with the relevant patent holders offering to defend users with their patents).

Bear in mind, I'm just using OASIS as an example. Such ratings could be organization independent since you'd want to see them attached to specifications or licenses being produced under other regimes (some more RAND-oriented than others) such as the Java Community Process (the JCP), the Open Source Initiative (the OSI), ECMA International, the American National Standards Institute (ANSI) and the International Standards Organization (the ISO). Granted, there are a lot of shades in between, but I propose that we must start somewhere with major nodes instead of constantly debating about it. With clearly labeled badges such as these, and mandatory rules for their application and usage, you can imagine how the market might quickly guide the industry away from the RED end, past the tipping point, and closer to the GOLD end.

In his blog, Updegrove says "In truth, traditional open standards users would be delighted if open standards required neither licenses nor royalties – but those that develop open standards simply have not been asked in the past by their constituencies to require the same degree of IPR sacrifice in the vast majority of standard setting situations as their brethren in the open source world require in all projects." What he fails to acknowledge is that part of the reason there hasn't been such an outcry is that, much to the credit of the so-called "standards-setters," the wool that blurs the definition of open has been pulled over the eyes of those constituencies -- obfuscated by terms like "OASIS standard." The truth is that they have been asked. Just not by enough people because it's hard to fight the FUD and get the word out. In the mean time, there have historically been organizations like the W3C and a few lonely voices out there who try to educate the masses and who ultimately stand up for what's right on behalf of the constituencies that don't realize what they should be standing up for. Without being asked.